You are on page 1of 45

Cybersecurity and

U.S.-China Relations
. W.
Kenneth Lieberthal and Peter W. Singer

February 2012
i


Cybersecurity and
US-China Relations
. W.
Kenneth Lieberthal and Peter W. Singer

February 2012

21

1).

2).

3).

iii

iv

2010-2011
21

vi

vii

viii

ix

90
250Gb
(1)

(2)

(3)

(4) 2011

Shady RAT
72(5)

(6)

(7)

2011
(8)
20107

Carl Levin
Brent Scowcroft

Mike Mullen(9)
(10)

(11) 2011
21
(12)

(13)

(14)

(15)
80%

(16) 201112

(17)

(18)

(19)

(20)
HostExploit
50
20(21)

1310

3
ICANN

IP
(22)

Stuxnet

(23)

(24)

(25)

engagement
(26)

(27)
(28)

(29)

(30)

(31)
(32)

(33)

(34)

20014(35)

(36)

Stuxnet(37)


(38)

(39)

(40)

(41)

pwn

(42)

10

(43)

(44)

(45)

Conficker

11


(46)

(47)201110

(48)

(49)

12

APT

(50)

(51)

(52)

(53)

(54)

13

2009
(Natanz)
20106

201011

(55)

(56)

14


Facebook

2011
(57)

(58)

(59)

15

16

(60)

(61)
Duqu

(62)

17

(63)

18

(64)

19

(65)

20

1.5

21

(66)

(67)

--

22

(ISPs)

(68)

(69)

MIRVs(70)

(71)

23

(72)

24

1962

2011

(73) (74)

CIA

25

KGB

(75)

James Cartwright

(76)

26

27

28

Endnotes

(1) Security in Embedded Devices, McAfee presentation, June 22, 2011.


(2) R
 ichard D. Fisher, Jr. Cyber Warfare Challenges and the Increasing Use of American and European Dual-Use Technology for Military Purposes by the Peoples
Republic of China (PRC), Testimony before House Committee on Foreign Affairs,
Oversight and Investigations Subcommittee, Hearing on Communist Chinese
Cyber-Attacks, Cyber-Espionage and Theft of American Technology. April 15,
2011; Larry M. Wortzel. Chinas Approach to Cyber Operations: Implications for
the United States, Testimony before House Committee on Foreign Affairs, Hearing
on The Google Predicament: Transforming U.S. Cyberspace Policy to Advance
Democracy, Security, and Trade. March 10, 2010. ,
(Cyber Security and the Non-traditional Elements in SinoU.S. Relations), 322 (4, 2010) http://www.globalview.cn/ReadNews.
asp?NewsID=22733.
(3) M
 arc Brown, Embedded Device Security in the New Connected Era, Electronic
Engineering Journal, accessed Sept. 26, 2011, http://www.eejournal.com/archives/
articles/20110818-windriver/.
(4)
 20118
34201111
6 Hiroko Tabuchi, U.S. Expresses Concern About New Cyberattacks in Japan, New York Times,
September 21, 2011, http://www.nytimes.com/2011/09/22/world/asia/us-expressesconcern-over-cyberattacks-in-japan.html. http://www.nytimes.com/2010/01/13/
world/asia/13beijing.html?pagewanted=all. Greg Weston, Foreign Hackers Attack
Canadian Government, CBS News, Feb 16, 2011, http://www.cbc.ca/news/politics/
story/2011/02/16/pol-weston-hacking.html. David E. Sanger and John Markoff,
I.M.F. Reports Cyberattack Led to Very Major Breach, New York Times, June 11,
2011, http://www.nytimes.com/2011/06/12/world/12imf.html.
(5) D
 avid E. Sanger and John Markoff, I.M.F. Reports Cyberattack Led to Very Major
Breach, New York Times, June 11, 2011, http://www.nytimes.com/2011/06/12/
world/12imf.html
(6) Ibid.
(7) M
 ichiko Kakutani, The Attack Coming From Bytes, Not Bombs, New York
Times, April 26, 2010, http://www.nytimes.com/2010/04/27/books/27book.
html?pagewanted=all.

29

(8) O
 ffice of the National Counterintelligence Executive, Foreign Spies Stealing US
Economic Secrets in Cyberspace, October 2011, available at http://www.ncix.gov/
publications/reports/fecie_all/Foreign_Economic_Collection_2011.pdf.
(9) N
 ominations of Vice Admiral James A. Winfield, Jr., and Lieutenant General Keith B. Alexander Before the Senate Armed Services Committee, 111th
Congress, available at http://armed-services.senate.gov/Transcripts/2010/04%20
April/10-32%20-%204-15-; Karen Parrish, Mullen Offers 40 year Perspective on
Social, Military Issues, American Foreign Press Service, September 23, 2011.
(10)
 Brent Scowcroft
David Ignatius, Cold War Feeling on Cybersecurity, Real Clear Politics, August 26, 2010, http://www.realclearpolitics.com/
articles/2010/08/26/cold_war_feeling_on_cybersecurity_106900.html.
(11) N
 oah Shactman and PW Singer, The Wrong War, Government Executive, Oct.
15, 2011 http://www.brookings.edu/articles/2011/0815_cybersecurity_singer_
shachtman.aspx
(12) R
 onald Deibert, Tracking the Emerging Arms Race in Cyberspace, Bulletin
of the Atomic Scientists, January/February 2011 vol. 67 no. 1, p. 1-8 available at
http://bos.sagepub.com/content/67/1/1.full
(13) D
 epartment of Defense, Strategy for Operating in Cyberspace, July 2011, available
at http://timemilitary.files.wordpress.com/2011/07/d20110714cyber.pdf
(14) J iang Yu, a representative of the Chinese MFA, as quoted in Also China Denies
Pentagon Cyber-Raid, http://news.bbc.co.uk. September 4, 2007.
(15)
 Su Hao
China was accused time and again for launching cyber attacks abroad but there
was never any solid proof. Actually, China has become a victim of such repeated
claims, Nation needs more Internet security China Daily, Dec. 29, 2010.
(16) A
 i Yang, Nation needs more Internet security China Daily, Dec. 29, 2010.
(17) L
 ea Yu and Xuyan Fang, 100 Million Usernames, Passwords Leaked, Caixin Online, December 29, 2011. http://english.caixin.com/2011-12-29/100344138.html.
(18)  201162, accessed September 26,
2011, http://vancouver.china-consulate.org/chn/fyrth/t827448.htm. ,
(Chinas Servers Network Security Faces Great
Danger), , May 18, 2010, http://news.xinhuanet.com/mil/2010-05/18/
content_13511986.htm. :
,, January 22, 2010, http://news.xinhuanet.com/politics/2010-01/22/
content_12859136_1.htm.
(19) S haun Waterman, China Open to Cyber-attack, The Washington Times, March
17, 2011, accessed September 26, 2011, http://www.washingtontimes.com/
news/2011/mar/17/china-open-to-cyber-attack/?page=all. IT
(Famous IT Magazine Claims: China is a Heated
Target for Hackers), , accessed September 2, 2011, http://it.people.com.cn/
GB/42891/42894/3308326.html.
(20)  , , April 10, 2009,
accessed September 26, 2011, http://news.xinhuanet.com/mil/2009-04/10/content_11163263.htm.

30

(21) N
 oah Shachtman, Pirates of the ISPs, Brookings Cybersecurity Paper, June 2011,
http://www.brookings.edu/~/media/Files/rc/papers/2011/0725_cybersecurity_
shachtman/0725_cybersecurity_shachtman.pdf
(22)  , , August 20, 2009, 2. http://paper.
people.com.cn/gjjrb/html/2009-08/20/content_323598.htm.
(23)  The FP Survey: The Internet. Foreign Policy, September/October 2011. P 116
, , , February 10, 2011, 4.
(24)
 , , P 09, June 3, 2011.
http://zqb.cyol.com/html/2011-06/03/nw.D110000zgqnb_20110603_1-09.htm
(25)
 , , 01, 2010: 11-16.
, 911 , , 00,
2006. James A. Lewis, Cyber Security and US-China Relations, China U.S.
Focus, July 6, 2011, accessed September 26, 2011, http://www.chinausfocus.com/
peace-security/cyber-security-and-us-china-relations/. Adam Segal, The Role of
Cyber Security in US-China Relations, East Asia Forum, June 21, 2011, accessed
September 26, 2011, http://www.eastasiaforum.org/2011/06/21/the-role-of-cybersecurity-in-us-china-relations/.
(26) K
 ing Jr., N. and J. Dean, Untranslatable Word in U.S. Aides Speech Leaves Beijing Baffled; Zoellick Challenges China To Become Stakeholder; What Does that
Mean? The Wall Street Journal, Dec. 7, 2005.
(27) H
 illary Rodham Clinton, Remarks on Internet Freedom, January 21, 2010,
http://www.state.gov/secretary/rm/2010/01/135519.htm.
(28) D
 mitri Alperovitch, and Ralph Langner. Transcript of Deterrence in Cyberspace:
Debating the Right Strategy with Ralph Langner and Dmitri Alperovitch. Washington, DC, September 20, 2011.
Facebook
(29)

Evan Kohlmann
Keith
Lourdeau, Testimony before the Senate Judiciary Subcommittee on Terrorism,
Technology, and Homeland Security, February 24, 2004, http://www2.fbi.gov/
congress/congress04/lourdeau022404.htm. Eben Kaplan, Terrorists and the Internet, Council on Foreign Relations, last modified January 8, 2009, http://www.
cfr.org/terrorism-and-technology/terrorists-Internet/p10005.
(30)
 William Lynn, Defending a New Domain, Foreign Affairs, Oct. 2010,
http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-newdomain
(31)  Germans Fear Cyber-crime as Digital Blackmail Grows, Reuters, June 30, 2011,
http://in.reuters.com/article/2011/06/30/idINIndia-58011620110630.
(32) R
 obert Mackey, Operation Payback Attacks Target MasterCard and PayPal Sites
to Avenge WikiLeaks, New York Times, December 8, 2010, http://thelede.blogs.
nytimes.com/2010/12/08/operation-payback-targets-mastercard-and-paypalsites-to-avenge-wikileaks/.
(33) J ohn Markoff, Before the Gunfire, Cyberattacks, New York Times, August 12,
2008, http://www.nytimes.com/2008/08/13/technology/13cyber.html.

31

(34) C
 hristopher Drew, Stolen Data Is Tracked to Hacking at Lockheed, New York
Times, June 3, 2011. http://www.nytimes.com/2011/06/04/technology/04security.
html.
(35) C
 hristopher R. Hughes and Gudrun Wacker, China and the Internet: Politics of the
Digital Leap Forward (London: Routledge, 2003), 145.
(36) R
 ichard A. Clarke and Robert K. Knake, Cyber War: The Next Threat to National
Security and What to Do about It (New York: HarperCollins, 2010), 198.
(37) W
 illiam J. Broad, John Markoff and David E. Sanger, Israeli Test on Worm Called
Crucial in Iran Nuclear Delay, New York Times, January 15, 2011, http://www.
nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?pagewanted=all.
(38) G
 eorge R. Lucas, Jr. Permissible Preventive Cyberwar: Restricting Cyber
Conflict to Justified Military Targets. Presentation at Society of Philosophy and
Technology conference, University of North Texas, May 28, 2011.
(39) J erry Brito and Tate Watkins, Loving the Cyber Bomb: The Dangers of Threat
Inflation in Cyber Policy, MercatusCenter Working Paper, April 2011, http://mercatus.org/sites/default/files/publication/WP1124_Loving_cyber_bomb.pdf
(40) P
 eter R. Teachout, Making Holocaust Denial a Crime: Reflections on European
Anti-Negationist Laws from the Perspective of U.S. Constitutional Experience,
Vermont Law Review 30 (2006): 655-692.
(41)
 2011
Office of the National Counterintelligence Executive, Foreign Spies Stealing US Economic Secrets in Cyberspace, October 2011,
available at http://www.ncix.gov/publications/reports/fecie_all/Foreign_Economic_Collection_2011.pdf
(42) T
 eresa Larraz, Spanish Botnet Potent Enough to Attack Country: Police,
Reuters, March 3, 2010, accessed September 26, 2011, http://www.reuters.com/
article/2010/03/03/us-crime-hackers-idUSTRE6214ST20100303.
(43) Singer and Schachtman, 2011.
(44) C
 arr, J. (2008, October 17). Project Grey Goose Phase I Report. Retrieved from
http://www.scribd.com/doc/6967393/Project-Grey-Goose-Phase-I-Report;
Krekel, Bryan. Capability of the Peoples Republic of China to Conduct Cyber
Warfare and Computer Network Exploitation, Northrop Grumman Corporation,
9 October 2009.
(45)  War in the fifth domain. Are the mouse and keyboard the new weapons of conflict? The Economist. July 1, 2010. http://www.economist.com/node/16478792.
(46)
 Mark Bowden, Worm: The First Digital World War, (Atlantic
Monthly Press, 2011).
(47) L
 arry Magid, Many Ways to Activate Webcam sans Spy Software, cnet News,
February 22, 2010, accessed September 27, 2011, http://news.cnet.com/830119518_3-10457737-238.html; Lech Janczewski and Andrew M. Colarik edited,
Cyber Warfare and Cyber Terrorism, (London: IGI Global, 2008), 311.
(48) N
 oah Shachtman, Exclusive: Computer Virus hits US Drone Fleet, Wired
Danger Room, Oct. 10, 2011. http://www.wired.com/dangerroom/2011/10/virushits-drone-fleet/

32

(49) J ohn W. Rittinghouse and Bill Hancock, Cybersecurity Operations Handbook: The
Definitive Reference on Operation Cybersecurity (Digital Press, 2003), 42-45.
(50)
 Mark Clayton, US Oil Endustry
Hit by Cyberattacks: Was China Involved? Christian Science Monitor, January
25, 2010. http://www.csmonitor.com/USA/2010/0125/US-oil-industry-hit-bycyberattacks-Was-China-involved
(51)  The Stuxnet Outbreak: A Worm in the Centrifuge, The Economist, September
30,2010, http://www.economist.com/node/17147818.
(52) W
 illiam J. Lynn III, Defending a New Domain: The Pentagons Cyberstrategy,
Foreign Affairs, September/October 2010.
(53)
 Debora Plunkett

Jason Mick, NSA Switches to Assuming Security Has Always Been Compromised, Daily Tech, Dec 17, 2010.
(54) M
 ichael Brown et al, Offense, Defense and War (Cambridge, MA, MIT Press,
2004).
(55) M
 ark Clayton, How Stuxnet cyber weapon targeted Iran nuclear plant, Christian
Science Monitor, November 16, 2010, http://www.csmonitor.com/USA/2010/1116/
How-Stuxnet-cyber-weapon-targeted-Iran-nuclear-plant.
(56) Ibid.
(57) J on Russel, Importance of Microblogs in China Shown as Weibo Pass 550 Million
Users, The Next Web, Nov. 11, 2011. http://thenextweb.com/asia/2011/11/11/
importance-of-microblogs-in-china-shown-as-weibos-pass-550-million-users/
(58) K
 im Zetter, Fearing Industrial Destruction, Researcher Delays Disclosure of
New Siemens SCADA Holes, Wired, May 18, 2011, accessed September 27, 2011,
http://www.wired.com/threatlevel/2011/05/siemens-scada-vulnerabilities/.
(59) D
 avid Hoffman, The Dead Hand: The Untold Story of the Cold War Arms Race and
its Dangerous Legacy (New York: Doubleday, 2009).
(60) R
 alph Langner. Transcript of Deterrence in Cyberspace: Debating the Right
Strategy with Ralph Langner and Dmitri Alperovitch. Washington, DC, September 20, 2011.
(61) Ibid.
(62) T
 om Espiner, McAfee: Why Duqu is a big deal, ZDNet UK, 26 October, 2011.
http://www.zdnet.co.uk/news/security-threats/2011/10/26/mcafee-why-duqu-isa-big-deal-40094263/
(63) Security in Embedded Devices, McAfee presentation, June 22, 2011.
(64)
 Carolyn Bartholomew, 2009 Report to Congress of the U. S. -China Economic
and Security Review Commission, (DIANE Publishing, 2010), 170.
(65)
 Joseph Menn, Agreement
on Cybersecurity Badly Needed, Financial Times, Oct. 12, 2011.
(66) L
 ouis Kriesberg, Constructive Conflicts: From Escalation to Resolution, 3rd ed.
(Lanham, MD: Rowman & Littlefield, 2007), 239

33

(67) D
 epartment of Homeland Security, Enabling Distributed Security in Cyberspace:
Building a Healthy and Resilient Cyber Ecosystem with Automated Collective Action, March 23, 2011, http://www.dhs.gov/xlibrary/assets/nppd-cyber-ecosystemwhite-paper-03-23-2011.pdf.
(68) U
 nited States House Financial Services Subcommittee on Oversight and Investigations, testimony by Stuart Levey, Under Secretary for Terrorism and Financial
Intelligence, U.S. Department of the Treasury, 109th Congress, 2nd Session, July
11,2006, http://financialservices.house.gov/media/pdf/071106sl.pdf (accessed Oct.
7, 2011); Sue E. Eckert, The US Regulatory Approach to Terrorist Financing, in
Countering the Financing of Terrorism, ed. Thomas J. Biersteker and Sue E. Eckert
(New York: Routledge, 2008); Phil Williams, Warning Indicators and Terrorist
Finances, in Jeanne K. Giraldo and Harold A. Trinkunas, Terrorism Financing
and State Responses: A Comparative Perspective (Stanford, CA: Stanford University
Press, 2007).
(69) R
 obert Radvanovsky and Allan McDougall, Critical Infrastructure: Homeland
Security and Emergency Preparedness, 2nd ed. (Boca Raton, FL: Taylor & Francis,
2010), 3; , ,
260, no. 2 (2007): 52-54.
(70) S tanford Arms Control Group, International Arms Control: Issues and Agreements,
2nd ed. edited by Coit D. Blacker and Gloria Duffy (Stanford: Stanford University
Press, 1976), 237.
(71)


(72) K
 arl Rauscher and Zhou Yonglin, Fighting Spam to Build Trust, EastWest Institute and Internet Society of China joint paper, May 2011. Available at http://www.
isn.ethz.ch/isn/Digital-Library/Publications/Detail/?ots591=0c54e3b3-1e9c-be1e2c24-a6a8c7060233&lng=en&id=130065
(73) D
 epartment of Defense, Department of Defense Strategy for Operating in
Cyberspace, July 2011, accessed Oct. 7, 2011, http://www.defense.gov/news/
d20110714cyber.pdf
(74) A
 my F. Wool, U.S. Nuclear Weapons: Changes in Policy and Force Structure,
CRS Report for Congress, Jan. 23, 2008, accessed Oct. 7, 2011, http://fpc.state.gov/
documents/organization/101742.pdf.
(75) M
 endez, The Master of Disguise: My Secret Life in the CIA (New York: William
Morrow Paperbacks, 2000), 348.
(76) Andrea Shalal-Esa, Ex-U.S. general urges frank talk on cyber weapons,
Reuters, Nov. 6, 2011.

34

1983~2009

19988200010

21

21

35

The Brookings Institution


1775 Massachusetts Ave., NW
Washington, D.C. 20036
brookings.edu